On Tue, Nov 22, 2016 at 3:28 AM, Hong Gang Liu <[email protected]> wrote:
> Hi folks, > > > > I'm working on setting up keystone(identity API) high available function > with Newton release on CentOS 7.2 . According to document > http://docs.openstack.org/ha-guide/controller-ha-identity.html , I use > pacemaker to achieve it. > > > > Unfortunately, the document is out-of-date, such as: > > 1. the doc suggest to add "systemd:openstack-keystone" resource to > pacemaker. However, as a separate service, openstack-keystone has already > been deprecated/dropped in Newton release. It's integrated into httpd > service as well as horizon. > > 2. modify conf file of keystone and other services, the parameter most are > changed too. > > > > After investigation, I made some progress by following steps: > > > > 1. use ocf instead of systemd: download keystone ocf file from > https://git.openstack.org/cgit/openstack/openstack- > resource-agents/plain/ocf/keystone, then add rx to it. Besides this, I > also did more modification on ocf because some keystone commands used in it > are deprecated/dropped too: such as change "keystone-all" to > "keystone-manage", remove "keystone" etc. > > 2. after step 1# action, pcs can list out the openstack-keystone as ocf > resource, then add it successfully. > > 3. add virtual IP resource to pcs successfully. > > 4. modify 'admin_bind_host/publid_bind_host" in keystone.conf to vip. > > 5. update 3 keystone endpoint values to vip in database. > > 6. modify auth_url/auth_uri in other OpenStack services conf files to vip. > > 7. modify the keystonerc_admin OS_AUTH_URL to vip. > > 8. restart all services. > > But it doesn't work, the symptom is I can use curl commands to get the > endpoints lists from vip url, but all openstack command line failed with > error message 404 while getting tokens. > Propose a patch to update the manual :) > So want to know your points on the following questions: > > 1. is there any new document for keystone high available function on > newton? > > 2. for Newton release, keystone is not a separate system service any more, > it's integrated into httpd as sub-service, does pacemaker and OpenStack > still support keystone HA function? > > 3. Does anyone setup keystone HA on newton release successfully? > There was a mailing list thread about this a few months ago: http://lists.openstack.org/pipermail/openstack/2016-September/017611.html Theres a lot of good information on that (there were many replies)
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
